Defender for Cloud - "Machines should have vulnerability findings resolved" Stopped Populating

Cusimano, Joey 80 Reputation points
2025-08-05T18:04:31.8433333+00:00

I perform weekly reviews of Microsoft Defender for Cloud's "Recommendations" and have noticed that in the past several weeks, we have not had any findings under the item "Machines should have vulnerability findings resolved".

There are two items that we have been seeing for months and know we have not resolved entirely, so they should still be showing up. Additionally, we typically see other findings show up here. Pending Windows updates, Chrome browser updates, and Visual Studio updates are the most common items, and we should have seen these showing up in the past several weeks but have not seen a single one. These items helped serve as a "sanity check" that data was updating, so their absence has me convinced that something is wrong. Findings under this recommendation do not persist once resolved, so it is not possible to see them as "completed". For example, a missing Chrome update reported as a finding disappears entirely once the update is applied and the dashboard refreshes.

I checked this recommendation for each VM individually and the "Last change date" shows as 7/7/2025 for all of them. The freshness interval shows as 12 hours, but there is no indicator of when the data was last updated to verify that it is in fact doing these checks every 12 hours or more and still showing no findings.

We need a way to verify that this is updating, and I can't seem to find one. We just see a blank dashboard with a last changed date of 7/7/2025 and no further information, and I have lost confidence that we can trust this dashboard as letting us know that we have no to-do items on this recommendation anymore when we had planned to address two items long term that suddenly stopped showing up weeks ago.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

1 answer

  1. Jose Benjamin Solis Nolasco 4,906 Reputation points
    2025-08-05T19:01:29.8933333+00:00

    Hi @Cusimano, Joey I hope you are doing well,

    Thanks for the detailed report — you’ve clearly done your due diligence, and I can understand your concern about the sudden disappearance of expected findings from Defender for Cloud.

    Here are some targeted steps and insights to help verify whether the recommendation is truly up to date or if something is failing in the backend:


    1. Verify the Dependency: Defender for Endpoint (MDE) Integration

    This specific recommendation depends heavily on Microsoft Defender for Endpoint (MDE) data being properly ingested into Defender for Cloud.

    Please confirm:

    • Your machines are still onboarded to MDE.
    • MDE sensors are reporting vulnerability data (you can verify this in the Microsoft 365 Defender portal at https://security.microsoft.com > Vulnerabilities).
    • In Defender for Cloud, go to Environment Settings > Integrations and verify that Defender for Endpoint integration is still enabled for the affected subscriptions.


    2. Validate Vulnerability Assessment Extension

    For non-MDE environments, Defender for Cloud relies on the Log Analytics agent or the VM extension for vulnerability assessment (Qualys or built-in scanner).

    Check if:

    • The VA extension is still installed and running on the VMs.
    • There are no errors or stale statuses under Defender for Cloud > Inventory > Extensions.

    😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!
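
The extension checks in steps 1 and 2 can be run across all VMs at once. The script below is an added example, not part of the original answer or any Microsoft tooling: it classifies each VM by whether a vulnerability data source is installed and provisioned. It assumes input shaped like the JSON from `az vm extension list`; the extension type names, the field names and the VM names in the sample are assumptions or constructed values, not taken from the thread.

```python
import json

# Assumption (not from the thread): extension type names as they commonly
# appear in `az vm extension list` output for Defender for Servers.
MDE_TYPES = {"mde.windows", "mde.linux"}
VA_TYPES = {"windowsagent.azuresecuritycenter", "linuxagent.azuresecuritycenter"}

# Constructed sample: per-VM extension lists (hypothetical VM names).
SAMPLE = json.loads("""
{
  "vm-web-01": [
    {"name": "MDE.Windows", "typePropertiesType": "MDE.Windows", "provisioningState": "Succeeded"}
  ],
  "vm-db-01": [
    {"name": "LinuxAgent.AzureSecurityCenter", "typePropertiesType": "LinuxAgent.AzureSecurityCenter", "provisioningState": "Failed"}
  ],
  "vm-app-01": [
    {"name": "AzureMonitorWindowsAgent", "typePropertiesType": "AzureMonitorWindowsAgent", "provisioningState": "Succeeded"}
  ]
}
""")

def ext_type(ext):
    # The type field name differs across CLI versions; fall back to the name.
    t = ext.get("typePropertiesType") or ext.get("virtualMachineExtensionType") or ext.get("name", "")
    return t.lower()

def classify(extensions):
    """Return (status, detail) for one VM's extension list."""
    sources = [e for e in extensions if ext_type(e) in MDE_TYPES | VA_TYPES]
    if not sources:
        return ("no-source", "no MDE or VA extension installed")
    healthy = [e for e in sources if e.get("provisioningState") == "Succeeded"]
    if not healthy:
        states = ", ".join(f"{e['name']}={e.get('provisioningState')}" for e in sources)
        return ("source-unhealthy", states)
    kind = "mde" if any(ext_type(e) in MDE_TYPES for e in healthy) else "va"
    return ("ok", kind)

def audit(inventory):
    """Map each VM name to its (status, detail) classification."""
    return {vm: classify(exts) for vm, exts in sorted(inventory.items())}

if __name__ == "__main__":
    for vm, (status, detail) in audit(SAMPLE).items():
        print(f"{vm:12} {status:17} {detail}")
```

A VM reported as `no-source` or `source-unhealthy` cannot be producing findings, so an empty recommendation for it is not evidence of a clean machine. A machine onboarded to MDE by means other than the Azure VM extension would also show as `no-source` here and needs the portal check from step 1.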

